Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 May 2023 15:15:45 +1000
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Gary Aitken <freebsd@dreamchaser.org>
Cc:        TIM KELLERS <trkellers@gmail.com>,questions@freebsd.org
Subject:   Re: turning off ipv6 on lo0
Message-ID:  <33CC3500-3594-423D-BDCB-2321DCF4F1E2@nimnet.asn.au>
In-Reply-To: <996b0ce7-0bfe-03e3-0666-6cec58b4ceba@dreamchaser.org>
References:  <996b0ce7-0bfe-03e3-0666-6cec58b4ceba@dreamchaser.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 9 May 2023 3:52:44 am AEST, Gary Aitken <freebsd@dreamchaser=2Eorg> wrot=
e:
 > Can't seem to figure out how to completely disable ipv6 in
 > 12=2E4-RELEASE=2E
 > Tried everything I've found in searches, I think=2E
 >=20
 > rc=2Econf:
 >=20
 > ip6addrctl_enable=3D"NO"
 > ip6addrctl_prefer_ipv4=3D"YES"
 > ip6addrctl_prefer_ipv6=3D"NO"
 > ipv6_activate_all_interfaces=3D"NO"
 > # neither of the 2 lines below have any effect;
 > # nor does the absence of them
 > # lo0 always has ipv6 configured
 > #ipv6_network_interfaces=3D"none"
 > #ipv6_network_interfaces=3D""

Yes=2E

 > An ifconfig shows no ipv6 on any interfaces except lo0:
 >=20
 > lo0: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
 >       options=3D680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
 >          inet6 ::1 prefixlen 128
 >          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
 >          inet 127=2E0=2E0=2E1 netmask 0xff000000
 >          groups: lo
 >          nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
 >=20
 > So how do I get rid of it on lo0?

See /etc/network=2Esubr =2E=2E=2E unless you go drastic and omit ipv6 from=
 kernel as Tim suggested, lo0 will have address ::1=2E

 > Should I care?

No need to=2E  localhost doesn't transact with other than localhost anyway=
 AFAIK, and even if tried - as you mentioned running ipfw - rc=2Efirewall i=
nitialisation runs:

setup_loopback() {
	############
	# Only in rare cases do you want to change these rules
	#
	${fwcmd} add 100 pass all from any to any via lo0
	${fwcmd} add 200 deny all from any to 127=2E0=2E0=2E0/8
	${fwcmd} add 300 deny ip from 127=2E0=2E0=2E0/8 to any
	if [ $ipv6_available -eq 0 ]; then
		${fwcmd} add 400 deny all from any to ::1
		${fwcmd} add 500 deny all from ::1 to any
	fi
}

where ipv6_available is 0 when "afexists inet6", ie in kernel (/etc/networ=
k=2Esubr)

cheers, Ian

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33CC3500-3594-423D-BDCB-2321DCF4F1E2>